Hey there, news attenuated people of planet Rails! It’s your trusty prudent editor / local dimwit Kasper here with This Week in Rails. As always we both cover and cower at the highlight reel of Rails’ past week.

Rails 5.2 ships with a DSL to declare Content Security Policies. The default policy interfered with Rails’ UJS and required some extra that the team didn’t have time for to do now. So the aim is to have a default security policy in place for Rails 6.0.

Apache X-Request-Id headers can contain @-signs. While I don’t wanna speak out of school, I do feel quite comfortable yelling: WHY SHOULD THEY HAVE ALL THE FUN! So now we can flaunt that ability too. don’t @ me, though.

That’s it for this week. Many more changes were introduced to Rails than were featured here, check out the full week of commit activity to learn more!